Lucene search
K

53 matches found

SUSE CVE
SUSE CVE
added 2023/04/04 2:15 a.m.2 views

SUSE CVE-2023-28645

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

6.5CVSS6.8AI score0.00745EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.6 views

TotalJS OpenPlatform 跨站脚本漏洞

TotalJS OpenPlatform is a simple enterprise-ready platform for TotalJS individual developers. It is used to run, integrate and manage multiple web applications. A security vulnerability exists in version b80b09d of TotalJS OpenPlatform, which stems from the presence of a stored cross-site scripti...

5.4CVSS5.7AI score0.00521EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/12/24 12:0 a.m.8 views

The vulnerability of the Ethernet interfaces of Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in the execution of operations outside the buffer in memory, allowing attackers to cause system failures.

The vulnerability of the Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures using specially created OPC packets...

7.8CVSS7.6AI score0.0096EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2022/11/10 8:15 p.m.14 views

Design/Logic Flaw

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

2.7CVSS4AI score0.00455EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/29 9:15 p.m.33 views

CVE-2022-39232

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

6.5CVSS0.00983EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/26 12:0 a.m.6 views

The vulnerabilities of opcua and asyncua libraries are related to uncontrolled resource consumption, which allows attackers to cause service failures.

The vulnerability of opcua and asyncua libraries is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8CVSS7.2AI score0.01063EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/08/26 12:0 a.m.9 views

The vulnerability of the OPC UA node-opcua software implementation, related to incorrect resource cleanup or release, allows a perpetrator to trigger a service failure.

The vulnerability of the OPC UA node-opcua software implementation is related to incorrect cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8CVSS7.2AI score0.01248EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/12 12:0 a.m.6 views

The vulnerability of implementations of data transfer specifications in industrial networks using OPC UA .NET Standard and OPC UA .NET Legacy lies in the uncontrolled recursion involved. This allows attackers to trigger service failures.

The vulnerability of data transmission implementations in industrial networks using OPC UA .NET Standard and OPC UA .NET Legacy is related to uncontrolled recursion. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS7.1AI score0.02186EPSS
Exploits0References6Affected Software5
OSV
OSV
added 2022/04/04 8:15 p.m.5 views

CVE-2021-32994

Softing OPC UA C++ SDK Software Development Kit versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locatio...

7.5CVSS5.8AI score0.01629EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/03 12:0 a.m.5 views

Schneider Electric ConneXium Network Manager Software 安全漏洞

Schneider Electric ConneXium Network Manager Software Schneider Electric Cnm is an industrial Ethernet network management software from Schneider Electric, France. A security vulnerability exists in the Schneider Electric ConneXium Network Manager Software prior to version 03.23 and the Belden...

7.5CVSS7.3AI score0.00846EPSS
Exploits0References3
CNVD
CNVD
added 2022/03/17 12:0 a.m.17 views

Jenkins Release Helper Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a software project that is a Java-based continuous integration tool for monitoring continuous and repetitive work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated.A cross-site request forgery vulnerability exists...

4CVSS4.8AI score0.00472EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/03/11 11:15 p.m.4 views

CVE-2021-42577

An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference...

7.5CVSS7.1AI score0.00943EPSS
Exploits0References2
OSV
OSV
added 2022/03/11 11:15 p.m.7 views

CVE-2021-42262

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition...

6.5CVSS5.8AI score0.00817EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/22 12:0 a.m.6 views

OPMS 跨站请求伪造漏洞

OPMS is an OA management system. v1.3 and previous versions of OPMS contain a security vulnerability that can be exploited to add arbitrary user accounts via /user/add...

6.5CVSS5.7AI score0.00459EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/01 12:0 a.m.16 views

backstage path traversal vulnerability

backstage is an application. Backstage is an open platform for building developer portals Backstage has a path traversal vulnerability, which stems from the fact that the product does not effectively restrict the write path for users with scaffold template write permissions, and can be exploited ...

8.5CVSS3AI score0.01206EPSS
Exploits0References1
Prion
Prion
added 2021/10/18 9:15 p.m.20 views

Design/Logic Flaw

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

4CVSS4.8AI score0.01273EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/10/18 8:30 p.m.61 views

CVE-2021-41151

CVE-2021-41151 (Backstage) : A path traversal vulnerability in the Backstage scaffolder backend allows reading sensitive files from the environment where Scaffolder Tasks run. An attacker can craft a custom Scaffolder template using a pull-request publishing action (e.g., publish:github:pull-requ...

6.8CVSS5AI score0.01273EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/06/03 10:0 p.m.97 views

CVE-2021-32662

In CVE-2021-32662, the npm package @backstage/techdocs-common (versions before 0.6.3) is affected by a path traversal vulnerability via mkdocs.yml: an attacker who can modify docs_dir in the documentation source and access the TechDocs backend could read sensitive files from the build environment...

6.5CVSS6.2AI score0.0128EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/06/03 12:0 a.m.5 views

backstage 代码问题漏洞

Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...

7.3CVSS5.7AI score0.01209EPSS
Exploits0References4
OSV
OSV
added 2021/05/13 2:15 p.m.4 views

CVE-2020-12526

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of...

5.3CVSS5.8AI score0.00955EPSS
Exploits0References2
Rows per page
Query Builder